Tuesday, June 13, 2017

Mozilla Firefox Version 54.0


FirefoxMozilla sent Firefox Version 54.0 to the release channel today.  Firefox ESR was updated to version 52. The update includes 1 (one) critical, 8 (eight) high and 1 (one) moderate security update.

The next scheduled release is August 8, 2017 (5 week cycle with release for critical fixes as needed).

New
  • Added Burmese (my) locale
  • Added support for multiple content processes (e10s-multi)
  • Simplified the download button and download status panel

Changed
  • Moved the mobile bookmarks folder to the main bookmarks menu for easier access
Update:

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Security Updates for June, 2017



The June Microsoft updates address vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Silverlight, Skype for Business and Lync and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

Known Issues
4022717
4022726
4022715


For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 Update history.

To have a better understanding about the updates released today, see the Zero Day Initiative — The June 2017 Security Update Review by Dustin Childs.

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

    References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...





      Adobe Critical Shockware Player Update

      Shockwave Player Adobe has released a critical security update for Adobe Shockwave Player which update address a memory corruption that could potentially lead to remote code execution.

      Although I have yet to need Shockwave Player on this computer, there are still many people who use it.  If you have Shockwave Player installed, please update to the latest version.

      Release date: June 13, 2017
      Vulnerability identifier: APSB17-18

      CVE number: CVE-2017-3086
      Platform: Windows

      The newest version 12.2.9.199 is available here: http://get.adobe.com/shockwave/.  As usual, watch for any pre-checked add-ons not needed for the update.

      References


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Adobe Flash Player Critical Security Update

      Adobe Flashplayer

      Adobe has released Version 26.0.0.126 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

      These updates address critical vulnerabilities including a use-after-free vulnerability that could lead to code execution and memory corruption vulnerabilities that could lead to remote code execution.

      Release date:  June 13, 2017
      Vulnerability identifier: APSB17-17
      CVE Numbers:   CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082
      Platform: Windows, Macintosh, Linux and Chrome OS

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

        References



        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...









        Sunday, May 28, 2017

        Memorial Day: Remembering Those Who Gave Their All for Their Country

        Vietnam Memorial Wall
        April 30, 2005
        Photograph by Luigi Masu

        Memorial Day is a day set aside to remember those who have died in the service of their country.  It is also a time when I remember a very special Canadian who likely knew more about U.S. politics and history than most U.S. citizens. Memorial Day 2007 was his last blog post, reading in part:
        "Memorial Day was officially proclaimed on 5 May 1868 by General John Logan, national commander of the Grand Army of the Republic, in his General Order No. 11, and was first observed on 30 May 1868, when flowers were placed on the graves of Union and Confederate soldiers at Arlington National Cemetery. The first state to officially recognize the holiday was New York in 1873. By 1890 it was recognized by all of the northern states. The South refused to acknowledge the day, honoring their dead on separate days until after World War I (when the holiday changed from honoring just those who died fighting in the Civil War to honoring Americans who died fighting in any war). For more history of Memorial Day visit Memorial Day History."

        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Tuesday, May 09, 2017

        Microsoft Security Updates for May, 2017


        After today, Windows 10 devices running version 1507 will no longer receive security and quality updates.  Instructions on how to update to the latest Windows 10 version are available in this Microsoft support article.

        May Security Update Details:

        The May Microsoft updates address vulnerabilities in  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

        For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 update history.

        However, to actually have a better understanding about the updates released today, see Zero Day Initiative — The May 2017 Security Update Review by Dustin Childs.
         

          Additional Update Notes

          • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
          • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
          • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

          References


            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...





            Adobe Flash Player Critical Update

            Adobe Flashplayer

            Adobe has released Version 25.0.0.171 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

            These updates address critical vulnerabilities including a use-after-free vulnerability that could lead to code execution and memory corruption vulnerabilities that could lead to code execution.

            Release date:  May 9 11, 2017
            Vulnerability identifier: APSB17-15
            CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-30744
            Platform: Windows, Macintosh, Linux and Chrome OS

            Update:

            *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

              Verify Installation

              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

              Do this for each browser installed on your computer.

              To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

              References



              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...









              Monday, May 08, 2017

              Security Update for Microsoft Malware Protection Engine



              Microsoft released Security Advisory 4022344 about an update to the Microsoft Malware Protection Engine.  The update addresses a security vulnerability that was reported to Microsoft.

              The vulnerability addressed in the update could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. According to the Advisory,
              "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system."

              An updated MSRT will be included with the Security Updates on May 9.  Windows Defender will automatically update or can be manually launched and checked for updates.

              References:




              Home
              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...

              False/Positives of WinPatrol wpsetup.exe and Access to Website

              WinPatrol Scotty

              Since the new release of WinPatrol Version 35.5.2017.8 was announced, there have been reports of the wpsetup.exe being detected as a trojan.  I reached out to Bret Lowry who gave me permission to share information about both the false/positives as well as problems reaching WinPatrol.com.

              False/Positives

              Those are false positives; we have reported them to most of the manufacturers.
              Many are due to BitDefender having a false positive.
              Emsisoft
              GData
              eScan
              Ad-Aware

              All use BitDefender under the covers. You can tell by looking at the detection name in VirusTotal.
              Symantec reports ALL new binaries as a potential threat until the manufacturer contacts them, that is how they are handling the flood of new malware. They’ve been doing that for years now but no one calls them out for it out of fear of the giant.

              It is due to our using the InstallMate installer.
              The installer is not infected. {emphasis added}

              What would be super helpful would be a grass roots campaign demanding VirusTotal act responsibly by providing a link on their site for reporting false positives directly to the manufacturer in question.

              Access to WinPatrol.com

              There have also been reports of problems reaching the WinPatrol website.  Bret indicated that problem with the slowness is not due to problems at WinPatrol.com.  Rather the issue is due to the Internet Backbone company Level3.  As can be seen from the following link to the Level3 Outage map, the problem with Level3 connectivity is widespread:  http://downdetector.com/status/level3/map/Although I found access slow earlier today, I was able to get the update by launching WinPatrol and selecting "Check for Save Updates" from the PLUS tab.

              You can find the unofficial WinPatrol forum at LandzDown here

              Home
              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...

              WinPatrol Update Released

              WinPatrol Scotty

              WinPatrol Version 35.5.2017.8 was released with several fixes to better align with Windows 10.

              Fixes:
              • Fixed addition of Startup programs to be compatible with recent changes to Windows 10.
              • Fixed removal of Startup programs to be compatible with recent changes to Windows 10.
              • Disabled and removed checkbox for “Allow PLUS info data collection” because recent changes in allowed URL length resulting in no data being returned for customers.

              Direct Download Link: WinPatrol Version 35.5.2017.8


              You can find the unofficial WinPatrol forum at LandzDown here.


              Home
              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...

              Friday, May 05, 2017

              Mozilla Firefox Verson 53.0.2 Released


              FirefoxMozilla sent Firefox Version 53.0.2 to the release channel today.  (No references made to version 53.0.1.)  When checking, I wasn't offered an update to Firefox ESR.

              The next scheduled release is June 13, 2017 (5 week cycle with release for critical fixes as needed).

              Security Fix:

              Fixed

              • Make form validation errors and date picker panel visible to the user (Bug 1341190)

              Changed

              • The non-standard showDialog argument to window.find is now ignored (Bug 1348409)
                Update:

                To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                  References




                  Remember - "A day without laughter is a day wasted."
                  May the wind sing to you and the sun rise in your heart...




                  Friday, April 28, 2017

                  PaleMoon Version 27.3 Released with Security Updates


                  Pale Moon
                  Pale Moon has been updated to Version 27.3.  Included in the updates are DiD* patches.
                  *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

                  Note that Version 27.3 is a major development update with many changes in the media back-end.  As a result, it is important to realize that some aspects are still a work in progress and some html5 video playback issues with MSE (Media Source Encryption) may be encountered.

                  Details from the Release Notes:

                  Security/privacy changes:
                  • Updated NSS to 3.28.4-RTM to address a number of issues.
                  • Added support for RSA-AES(-GCM)-SHA256/384 suites to broaden compatibility.
                  • Reconfigured networking security: disabled static DHE suites by default, enabled all RSA-AES(-GCM)-SHA256/384 suites in their stead.
                  • Fixed referrer policy keyword to align with the current spec ("cross-origin" vs "crossorigin").
                  • Added an option to display punycode domain for IDN websites to combat phishing.
                    This is enabled by default for domain-validated https sites.
                    Preference: browser.identity.display_punycode
                    0 = Display IDN name in identity panel (previous behavior)
                    1 = Display punycode name for DV SSL domains (default)
                    2 = Also display punycode for HTTP sites if IDN name used
                  • Fixed an issue to prevent contacting remote servers when a connection might get blocked.
                  • Fixed 3 public security flaws in libevent, which may affect Mozilla-based products. DiD
                  • Fixed several memory- and thread-safety hazards.
                  • Fixed an address bar spoofing issue. (CVE-2017-5451)
                  • Fixed a potentially exploitable crash with HTTP/2. (CVE-2017-5446)
                  • Fixed several security hazards in XSLT processing. (CVE-2017-5438) (CVE-2017-5439) (CVE-2017-5440)
                  • Fixed several security hazards in old protocols. (CVE-2017-5444) (CVE-2017-5445)
                  • Fixed out-of-bounds access in text formatting. (CVE-2017-5447)
                  • Fixed a potentially exploitable issue with innerText. (CVE-2017-5442)
                  • Fixed a potentially exploitable issue in graphite font shaping.
                  • Fixed a potentially exploitable crash with credential-authentication.
                  • Fixed out-of-bounds access with text selection in rare cases.
                  • Fixed a security hazard in the ANGLE library.
                      Changes/fixes:
                      • Fixed up, checked and enabled vertical text writing modes!
                        Pale Moon will now be able to display vertical, right-to-left script.
                      • Added the option to reset non-default profiles.
                      • Fixed various issues in the WebP image decoder.
                      • Added internally-supported document types to allowed types.
                      • Fixed locale selection in ICU after update to ICU58.
                        (Note: Pale Moon uses the system locale for date formatting, not the browser locale)
                      • Re-implemented the previous spellchecker dictionary logic (allow user override of document/element language, improve logic and make it unambiguous).
                      • Ongoing fixes for the MP4 parser and MSE.
                      • Made HTML Media Elements' preload attribute MSE-spec compliant.
                        The preload attribute on HTML media elements is now ignored in the case of an MSE source. This prevents an issue with sourceopen not firing when preload="none".
                      • Fixed some issues with Windows WMF media playback.
                      • Fixed an issue with Synced preferences sometimes overwriting stored individual preferences.
                      • Fixed display of RSS folder icons.
                      • Fixed issues with custom context menus.
                      • Fixed an issue importing bookmarks with separators losing their extra data.
                      • Changed the way numeric addresses are handled in the address bar so it doesn't perform a search when it shouldn't.
                      • Added an option (browser.sessionstore.cache_behavior) to control from which source restored tabs pull their page content:
                        0 = load restored tab data from cache (current behavior, default)
                        1 = refresh restored tab data from the network
                        2 = refresh stored tab data from the network and bypass any cached data.
                      • Improved upon a v27 performance regression with SVG scaling.
                      • Improved performance by being more selective which CSS animations to process.
                        As a side-effect, elements changing their display from "none" to something visible now also animate.
                      • Increased memory allocation for the use of very large PAC files.
                      • Added menu entries for the permissions manager and improvements to its function and display.
                      • Added preferences to control "highlight all" behavior of the find bar:
                        accessibility.typeaheadfind.highlightallbydefault = true/false highlight all found words by default.
                        accessibility.typeaheadfind.highlightallremember = true/false remember the last-used state of Highlight All.
                      • Added devtools command-line options.
                      • Added remote IP and protocol to Devtools->Network entry details.
                      • Added support for
                        and HTML tags.
                      • Fixed a regression in the MSIE profile migrator.
                      • Removed migration of browser-specific settings when migrating data from IE/Safari.
                      • Implemented optional parameters for permessage-deflate in preparation for RFC7692 errata making acceptance of them mandatory (and to prevent web compat issues doe to the current conflicting text of it).
                      • Made the image document favicon skinnable.
                      • Aligned DOM selection addRange with the spec.
                      • Exposed mozAnon constructor js binding to system scopes for XHR.
                      • Enhanced form data handling from JavaScript.
                      Minimum system Requirements (Windows):
                      • Windows Vista/Windows 7/8/10/Server 2008 or later
                      • Windows Platform Update (Vista/7) strongly recommended
                      • A processor with SSE2 instruction support
                      • 256 MB of free RAM (512 MB or more recommended)
                      • At least 150 MB of free (uncompressed) disk space
                      Pale Moon includes both 32- and 64-bit versions for Windows:

                      Update

                      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                      Remember - "A day without laughter is a day wasted."
                      May the wind sing to you and the sun rise in your heart...


                      Wednesday, April 19, 2017

                      Mozilla Firefox Version 53.0 Released with Massive Security Updates


                      FirefoxMozilla sent Firefox Version 53.0 to the release channel today.  The update includes a massive 35 security updates identified as eight (8) Critical, sixteen (16) High, seven (7) Moderate updates and four (4) low security updates.  Firefox ESR was updated to version 45.9.0.

                      The next scheduled release is June 13, 2017 (5 week cycle with release for critical fixes as needed).

                      Security Fixes:

                      Critical

                      High

                      Moderate

                      Low

                      New

                      • Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
                      • Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
                      • Lightweight themes are now applied in private browsing windows
                      • Reader Mode now displays estimated reading time for the page
                      • Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer

                      Changed

                      • Updated the design of site permission requests to make them harder to miss and easier to understand
                      • Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
                      • 32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
                      • Updates for Mac OS X are smaller in size compared to updates for Firefox 52
                      • Media playback on new tabs is blocked until the tab is visible
                      • The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
                      • New visual design for audio and video controls
                      • Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
                      Update:

                      To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                        References




                        Remember - "A day without laughter is a day wasted."
                        May the wind sing to you and the sun rise in your heart...




                        Tuesday, April 18, 2017

                        Oracle Java Critical Security Updates Released

                        java

                        Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The update contains eight (8) new security fixes for Oracle Java SE. 
                        Details for the CVE's addressed in the update are available here.

                        Update

                        If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

                        Download Information

                        Download link:  Java SE 8u131

                        Verify your version:  http://www.java.com/en/download/testjava.jsp

                        Notes:
                        • Minimally, UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 
                        • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

                        Critical Patch Updates

                        For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
                        • 18 July 2017
                        • 17 October 2017
                        • 16 January 2018
                        • 17 April 2018

                        Unwanted "Extras"

                        Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

                        Do the following to suppress the sponsor offers:
                        1. Launch the Windows Start menu
                        2. Click on Programs
                        3. Find the Java program listing
                        4. Click Configure Java to launch the Java Control Panel
                        5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
                        6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
                        Java suppress sponsor offers

                        Java Security Recommendations


                        1)  In the Java Control Panel, at minimum, set the security to high.
                        2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

                        3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

                        References




                        Remember - "A day without laughter is a day wasted."
                        May the wind sing to you and the sun rise in your heart...




                        Sunday, April 16, 2017

                        "Khrystos Voskres!" Happy Easter!



                        "Khrystos Voskres!"

                        (Christ is Risen!)






                        "Voistyno Voskres!"

                        (He is Truly Risen!)






                        Remember - "A day without laughter is a day wasted."
                        May the wind sing to you and the sun rise in your heart...




                        Tuesday, April 11, 2017

                        Microsoft Security Updates for April, 2017


                        Today marks a red letter day for Microsoft updates.  In addition to security updates, sparking the most attention is the official release of the Windows 10 Creators Update (see the Windows Experience Blog post, What’s new in the Windows 10 Creators Update).

                        Of lesser interest to many is the official "End of Life_ for Windows Vista.

                        Also of note is the security guidance, Defense-in-Depth Update for Microsoft Office:
                        "Microsoft has released an update for Microsoft Office that turns off, by default, the Encapsulated PostScript (EPS) Filter in Office as a defense-in-depth measure. Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the EPS filter and is taking this action to help reduce customer risk until the security update is released.

                        Microsoft strongly recommends against turning on the EPS filter at this time, however customers who need to turn on the EPS filter can reference KB Article 2479871."

                        April Security Update Details:

                        The April Microsoft updates address vulnerabilities in  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio for Mac, .NET Framework, Silverlight and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

                        Microsoft has completed the change replacing security bulletins with the new Security Updates Guide.  The new guide includes the ability to view and search security vulnerability information in a single online database. The guide is described as a "portal" by the MSRC Team in Furthering our commitment to security updates. For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 update history.
                         

                          Additional Update Notes

                          • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                          • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                          • Reminder:  Windows Vista Reaching End of Live (EoL)
                          • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

                          References


                            Remember - "A day without laughter is a day wasted."
                            May the wind sing to you and the sun rise in your heart...





                            Adobe Flash Player Critical Security Update

                            Adobe Flashplayer

                            Adobe has released Version 25.0.0.148 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

                            These updates address critical vulnerabilities that could lead to code execution and potentially allow an attacker to take control of the affected system. 

                            Release date: April 11, 2017
                            Vulnerability identifier: APSB17-10
                            CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
                            Platform: Windows, Macintosh, Linux and Chrome OS

                            Update:

                            Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                              Verify Installation

                              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                              Do this for each browser installed on your computer.

                              To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

                              References



                              Remember - "A day without laughter is a day wasted."
                              May the wind sing to you and the sun rise in your heart...








                              Adobe Reader and Acrobat Critical Security Updates

                              Adobe

                              Adobe has released security updates for Adobe Reader and Acrobat XI for Windows and Macintosh. These updates address critical vulnerabilities including code execution, heap buffer overflow, memory corruption, integer overflow, memory corruption and, finally, vulnerabilities in the directory search path used to find resources that could lead to code execution.


                              Release date: April 11, 2017
                              Vulnerability identifier: APSB17-11
                              CVE Numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
                              Platform: Windows and Macintosh

                              Update or Complete Download

                              Update checks can be manually activated by choosing Help > Check for Updates.
                                Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

                                Enable "Protected View"

                                Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

                                To enable this setting, do the following:
                                • Click Edit > Preferences > Security (Enhanced) menu. 
                                • Change the "Off" setting to "All Files".
                                • Ensure the "Enable Enhanced Security" box is checked. 

                                Adobe Protected View
                                Image via Sophos Naked Security Blog

                                References



                                Home
                                Remember - "A day without laughter is a day wasted."
                                May the wind sing to you and the sun rise in your heart...







                                Thursday, March 30, 2017

                                Windows Vista Reaching End of Live (EoL)




                                Windows Vista, the operating system so many people learned to dislike. 

                                Personally, I enjoyed using Windows Vista during its prime but quickly learned to appreciate the many improvements in Windows 7 and, in particular, Windows 10.

                                The official RTM (Release to Manufacture) of Windows Vista was November 8, 2006.  Now, over ten years later, on Tuesday, April 11, 2017, the operating system is reaching EoL (End of Life).

                                Although there may be updates included for Windows Vista with the April 11 security updates, reaching EoL means that after that date the operating system will receive no additional
                                • Security updates,
                                • Non-security hot-fixes,
                                • Free or paid assisted support options, or
                                • Online technical content updates from Microsoft.
                                  Although computers running the Windows Vista will continue to work, without future security updates, there may well be an increase in risk of viruses and other security threats.  In addition, signature updates for Microsoft Security Essentials are only expected to be available for a limited time.



                                  References:
                                  Home
                                  Remember - "A day without laughter is a day wasted."
                                  May the wind sing to you and the sun rise in your heart...

                                  Tuesday, March 28, 2017

                                  Coming Soon: Windows 10 Creators Update (Information and Suggestions)

                                  Windows 10 Creators Update


                                  The date that has been rumored for the global release of the Windows 10 Creators Update is April 11, 2017, just two weeks away.  Although no official announcement has been made or is expected from Microsoft, with the news today that ISO files are available for Build 15063 for both PCs and phones in the Fast Ring, PCs in the Slow Ring and those on the Xbox Insider Program, it appears the rumored date may indeed be correct.

                                  Update:   Windows 10 Creators Update coming April 11, Surface expands to more markets

                                  As with the Anniversary Update last year, it is expected that the initial roll-out of the Creators Update will be slow, gradually picking up over several months.  As Gregg Keizer wrote in Microsoft paces delivery of Windows 10 upgrades,
                                  "According to advertising network AdDuplex, 60 days after the Aug. 2, 2016, introduction of Windows 10 1607 -- aka Anniversary Update -- just 35% of measured Windows 10 PCs were running the upgrade. By the 90-day mark, however, that number had soared to 80%, showing that Microsoft, after a purposefully slow start, had stomped on the update accelerator."
                                  This was confirmed by John Cable, Microsoft Director of Program Management within the Windows Servicing and Delivery (WSD) team in Providing customers with more choice and control in the Creators Update.

                                  Important

                                  💥 Having installed each of the Insider Builds, I really like the improvements in that have been made along the way.  Although I have not had any failures installing the numerous Insider Builds on my 2008 device, hardware and drivers vary from device to device.  Thus, before proceeding with the installation of the Creators Update, be sure that, minimally, all important documents, irreplaceable pictures and other files are backed up prior to installing the new version.  Ideally, create a system image before installing the update.

                                  💥 In the event you have Windows 10 Pro and need to delay the update, it can be deferred for up to four months.  From Settings, navigate to Update & Security.  In Windows Update, select the link for "Advanced options" and check the box for "Defer feature updates".

                                  💥 The installation of the Creators Update is essentially replacing the entire operating system.  As a result, all previously created System Restore points are gone since they no longer apply.  It is important after the update has completed to enable System Restore.  To do this
                                  1. Navigate to Control Panel\All Control Panel Items\System
                                  2. Select "System protection"
                                  3. Click your system disk and note that it is shown as "off" 
                                  4. Click "Configure" and select "Turn on System Protection" 
                                  5. Ok the change and close the windows. 

                                  Windows 10
                                  Following is a small collection of articles by various journalists providing different perspectives of what to expect in the Creators Update.  Additional articles of interest are included below in the "References".

                                  References:


                                  Home
                                  Remember - "A day without laughter is a day wasted."
                                  May the wind sing to you and the sun rise in your heart...